GOOGLE_APPLICATION_CREDENTIALS is not documented and not Docker friendly

[flodolo]

Looks like Pontoon is set up in Heroku with a GOOGLE_CREDENTIALS setting that is unused.

I had to look into the code to find GOOGLE_APPLICATION_CREDENTIALS, which was introduced in #2873 but not documented. This is supposed to point to a local JSON file, which makes its use in Docker very complicated, as such file is removed every time the container is rebuilt. Not completely sure how that works on Heroku.

[flodolo]

I can't find any code or pull request that used GOOGLE_CREDENTIALS. Is it there just to store that info?

[mathjazz]

We use https://github.com/gerynugrh/heroku-google-application-credentials-buildpack, which requires these variables. It is indeed not documented.

[flodolo]

Should we have a special hidden file that is copied over like the .env file?

[flodolo]

BTW, not sure how reliable this is

for env in $(grep -r 'os.environ.get("' pontoon --include="*.py" | sed -n 's/.*os.environ.get("\([^"]*\)".*/\1/p' | sort | uniq); do
  if ! grep -qr "$env" --include="*.rst" .; then
    echo "$env"
  fi
done

Some of these seem unrelated, but others should probably be documented

ADMIN_PASSWORD
DJANGO_LOG_LEVEL
DJANGO_SQL_LOG
GITHUB_CLIENT_ID
GITHUB_SECRET_KEY
GITLAB_CLIENT_ID
GITLAB_SECRET_KEY
GITLAB_URL
GOOGLE_APPLICATION_CREDENTIALS
GOOGLE_AUTOML_WARMUP_INTERVAL
GOOGLE_CLIENT_ID
GOOGLE_SECRET_KEY
HEROKU_DEMO
KEYCLOAK_CLIENT_ID
KEYCLOAK_CLIENT_SECRET
KEYCLOAK_REALM
KEYCLOAK_URL
RAYGUN_APIKEY
SENDGRID_USERNAME
SESSION_COOKIE_HTTPONLY
STATIC_ROOT
SYSTRAN_TRANSLATE_PROFILE_OWNER
SYSTRAN_TRANSLATE_SERVER
TERSER_BINARY
YUGLIFY_BINARY

[mathjazz]

I'd only take care of documenting GOOGLE_APPLICATION_CREDENTIALS & Co. in this issue, and then work on #2234, #2386 and possibly file more related bugs as needed.

I'm not very opinionated on handling the file referenced by GOOGLE_APPLICATION_CREDENTIALS, because it's used rarely locally.